{"id":"https://openalex.org/W4310632250","doi":"https://doi.org/10.48550/arxiv.2212.00612","title":"Purifier: Defending Data Inference Attacks via Transforming Confidence Scores","display_name":"Purifier: Defending Data Inference Attacks via Transforming Confidence Scores","publication_year":2022,"publication_date":"2022-12-01","ids":{"openalex":"https://openalex.org/W4310632250","doi":"https://doi.org/10.48550/arxiv.2212.00612"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2212.00612","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2212.00612","pdf_url":"https://arxiv.org/pdf/2212.00612","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2212.00612","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101184767","display_name":"Ziqi Yang","orcid":"https://orcid.org/0009-0000-1506-7214"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yang, Ziqi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101947133","display_name":"Lijin Wang","orcid":"https://orcid.org/0000-0003-4002-4894"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Lijin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101413055","display_name":"Yang Da","orcid":"https://orcid.org/0000-0002-2117-6983"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Da","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100941466","display_name":"Jie Wan","orcid":"https://orcid.org/0000-0003-1989-9311"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wan, Jie","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101902155","display_name":"Ziming Zhao","orcid":"https://orcid.org/0000-0003-1455-4330"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhao, Ziming","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5105408906","display_name":"Ee\u2010Chien Chang","orcid":"https://orcid.org/0000-0003-4613-0866"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chang, Ee-Chien","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100403375","display_name":"Fan Zhang","orcid":"https://orcid.org/0000-0001-5894-3237"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Fan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5105297718","display_name":"Kui Ren","orcid":"https://orcid.org/0000-0002-1969-2591"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ren, Kui","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5101184767"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.8873301148414612},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.6770018339157104},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5911833047866821},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.5410155057907104},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5400320887565613},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5226611495018005},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.482045978307724},{"id":"https://openalex.org/keywords/confidence-interval","display_name":"Confidence interval","score":0.44024857878685},{"id":"https://openalex.org/keywords/statistical-inference","display_name":"Statistical inference","score":0.4296901822090149},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.42802488803863525},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.38185936212539673},{"id":"https://openalex.org/keywords/statistics","display_name":"Statistics","score":0.20289090275764465},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.19545412063598633}],"concepts":[{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.8873301148414612},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.6770018339157104},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5911833047866821},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5410155057907104},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5400320887565613},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5226611495018005},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.482045978307724},{"id":"https://openalex.org/C44249647","wikidata":"https://www.wikidata.org/wiki/Q208498","display_name":"Confidence interval","level":2,"score":0.44024857878685},{"id":"https://openalex.org/C134261354","wikidata":"https://www.wikidata.org/wiki/Q938438","display_name":"Statistical inference","level":2,"score":0.4296901822090149},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.42802488803863525},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.38185936212539673},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.20289090275764465},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.19545412063598633}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2212.00612","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2212.00612","pdf_url":"https://arxiv.org/pdf/2212.00612","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},{"id":"doi:10.48550/arxiv.2212.00612","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2212.00612","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2212.00612","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2212.00612","pdf_url":"https://arxiv.org/pdf/2212.00612","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"text"},"sustainable_development_goals":[{"score":0.7599999904632568,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3176240006","https://openalex.org/W3126451824","https://openalex.org/W137830373","https://openalex.org/W3000984192","https://openalex.org/W2103073163","https://openalex.org/W4286952477","https://openalex.org/W4321348134"],"abstract_inverted_index":{"Neural":[0],"networks":[1],"are":[2],"susceptible":[3],"to":[4,63],"data":[5,43],"inference":[6,12,22,67,107,142,161],"attacks":[7,108,139],"such":[8,31],"as":[9,32],"the":[10,14,20,25,33,35,38,46,51,71,77,146,155,159],"membership":[11,66,106],"attack,":[13,23],"adversarial":[15,136],"model":[16,137],"inversion":[17,138,147],"attack":[18],"and":[19,80,91,96,112,118,140,158],"attribute":[21,141,160],"where":[24],"attacker":[26],"could":[27],"infer":[28],"useful":[29],"information":[30],"membership,":[34],"reconstruction":[36],"or":[37],"sensitive":[39],"attributes":[40],"of":[41],"a":[42,59],"sample":[44],"from":[45],"confidence":[47,72,83],"scores":[48,84],"predicted":[49,75],"by":[50,76],"target":[52,78],"classifier.":[53],"In":[54],"this":[55],"paper,":[56],"we":[57],"propose":[58],"method,":[60],"namely":[61],"PURIFIER,":[62],"defend":[64,105],"against":[65],"attacks.":[68,143],"It":[69],"transforms":[70],"score":[73],"vectors":[74],"classifier":[79],"makes":[81],"purified":[82],"indistinguishable":[85],"in":[86,134,169],"individual":[87],"shape,":[88],"statistical":[89],"distribution":[90],"prediction":[92],"label":[93],"between":[94],"members":[95],"non-members.":[97],"The":[98],"experimental":[99],"results":[100],"show":[101,128],"that":[102,129],"PURIFIER":[103,130,166],"helps":[104],"with":[109],"high":[110],"effectiveness":[111],"efficiency,":[113],"outperforming":[114],"previous":[115],"defense":[116],"methods,":[117],"also":[119,132],"incurs":[120],"negligible":[121],"utility":[122],"loss.":[123],"Besides,":[124],"our":[125,170],"further":[126],"experiments":[127],"is":[131,149,167],"effective":[133],"defending":[135],"For":[144],"example,":[145],"error":[148],"raised":[150],"about":[151],"4+":[152],"times":[153],"on":[154],"Facescrub530":[156],"classifier,":[157],"accuracy":[162],"drops":[163],"significantly":[164],"when":[165],"deployed":[168],"experiment.":[171]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-02-09T09:26:11.010843","created_date":"2022-12-13T00:00:00"}